I've attached a patch that adds documentation for the netdev and module hooks. If there aren't any objections, I can commit it. One question: I was reminded again of the fact that the delete_module hook is only called in the case where a name is specified. Do we want to also invoke it in the other case, with a NULL name? The capable(CAP_SYS_MODULE) check is always performed, but I wondered if that might not be adequate since CAP_SYS_MODULE is also used for all of the other module calls. -- Stephen D. Smalley, NAI Labs ssmalleyat_private
--- lsm-wirex/include/linux/security.h Tue Sep 18 14:05:15 2001
+++ lsm/include/linux/security.h Tue Sep 18 15:02:31 2001
@@ -1589,14 +1589,74 @@
 const char *optptr, unsigned char **pp_ptr);
 };
+/**
+ * Security hooks for network devices.
+ */
 struct netdev_security_ops {
- void (*unregister) (struct net_device *dev);
+ /**
+ * unregister - update state when a network device is unregistered
+ * @dev: the network device
+ *
+ * called: unregister_netdevice <net/core/dev.c>
+ *
+ * lock: the rtnl semaphore is held by the caller.
+ *
+ * Update the module's state when a network device is unregistered,
+ * deallocating the dev->security field if it was previously allocated.
+ * Since it would be quite invasive to provide hooks in every
+ * location where a network device might be probed or initialized,
+ * there are no separate hooks for allocation or initialization.
+ * Security modules can allocate and initialize the dev->security
+ * field on the first access to the device, but should be
+ * careful to use nonblocking allocation.
+ */
+ void (*unregister) (struct net_device *dev);
 };
+/**
+ * Security hooks for kernel module operations.
+ */
 struct module_security_ops {
- int (* create_module) (const char *name, size_t size);
- int (* init_module) (const char *name, struct module *mod);
- int (* delete_module) (const char *name);
+ /**
+ * create_module - check permission when allocating space for a module
+ * @name: module name
+ * @size: module size
+ *
+ * called: sys_create_module <kernel/module.c>
+ *
+ * lock: The big kernel lock is held.
+ *
+ * Check permission before allocating space for a kernel module.
+ * Return 0 if permission is granted.
+ */
+ int (* create_module) (const char *name, size_t size);
+
+ /**
+ * init_module - check permission when initializing a module
+ * @name: module name
+ * @mod: the module
+ *
+ * called: sys_init_module <kernel/module.c>
+ *
+ * lock: The big kernel lock is held.
+ *
+ * Check permission before initializing a kernel module.
+ * Return 0 if permission is granted.
+ */
+ int (* init_module) (const char *name, struct module *mod);
+
+ /**
+ * delete_module - check permission when removing a module
+ * @name: module name
+ *
+ * called: sys_delete_module <kernel/module.c>
+ *
+ * lock: The big kernel lock is held.
+ *
+ * Check permission before removing a kernel module.
+ * Return 0 if permission is granted.
+ */
+ int (* delete_module) (const char *name);
 };
 /**
_______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
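Review bot: The new delete_module comment says the hook checks permission "before removing a kernel module", but the cover letter states the hook is only invoked when a module name is supplied, so a security module reading this header would wrongly assume it mediates every sys_delete_module call; the comment should state the gap explicitly until the hook is extended, e.g. `* Note: this hook is only invoked when @name is non-NULL; the name-less`, `* variant of sys_delete_module is currently covered only by capable(CAP_SYS_MODULE).` The same remark applies to the create_module and init_module comments only insofar as the caller guarantees about @name are left unstated there, so a one-line note on whether @name may be NULL would help for each. Separately, all three hooks document only the success value; if the convention is a negative errno on denial, saying so once ("Return 0 if permission is granted, a negative error code otherwise") avoids each module guessing. The enclosing struct module_security_ops opens inside this hunk and closes at its end, but the struct that follows begins outside it.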